Vendor responded - "just started looking into this vulnerability. It may
be true but the variables exposed pose no serious threat. However, plans
are in place to fix these vulnerabilities in the next version release."
- Steve